what you don't know can hurt you
Showing 1 - 4 of 4 RSS Feed

CVE-2021-39275

Status Candidate

Overview

ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.

Related Files

Ubuntu Security Notice USN-5090-4
Posted Sep 29, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5090-4 - USN-5090-1 fixed vulnerabilities in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem. James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. It was discovered that the Apache HTTP Server incorrectly handled certain malformed requests. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. It was discovered that the Apache HTTP Server incorrectly handled escaping quotes. If the server was configured with third-party modules, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that the Apache mod_proxy module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to forward requests to arbitrary origin servers. Various other issues were also addressed.

tags | advisory, remote, web, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-33193, CVE-2021-34798, CVE-2021-36160, CVE-2021-39275, CVE-2021-40438
MD5 | 90831576b5e159be92f9a4a7af321eef
Ubuntu Security Notice USN-5090-3
Posted Sep 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5090-3 - USN-5090-1 fixed vulnerabilities in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem.

tags | advisory, remote, web, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-33193, CVE-2021-34798, CVE-2021-36160, CVE-2021-39275, CVE-2021-40438
MD5 | 5608f104eebba750eb15f048c91ed22d
Ubuntu Security Notice USN-5090-2
Posted Sep 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5090-2 - USN-5090-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that the Apache HTTP Server incorrectly handled certain malformed requests. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, web, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-34798, CVE-2021-39275, CVE-2021-40438
MD5 | f1c0afba6ab0b08d98b70d4d4b21f6b1
Ubuntu Security Notice USN-5090-1
Posted Sep 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5090-1 - James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. It was discovered that the Apache HTTP Server incorrectly handled certain malformed requests. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2021-33193, CVE-2021-34798, CVE-2021-36160, CVE-2021-39275, CVE-2021-40438
MD5 | bee903869d8b39d2bae378c7b64ba4d0
Page 1 of 1
Back1Next

File Archive:

October 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    16 Files
  • 2
    Oct 2nd
    1 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    24 Files
  • 5
    Oct 5th
    24 Files
  • 6
    Oct 6th
    11 Files
  • 7
    Oct 7th
    14 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    1 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    7 Files
  • 12
    Oct 12th
    15 Files
  • 13
    Oct 13th
    26 Files
  • 14
    Oct 14th
    10 Files
  • 15
    Oct 15th
    6 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close